Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/2IuwzlFOMn3wR4Vcg33rtw1Kmiw.roa
File:                     2IuwzlFOMn3wR4Vcg33rtw1Kmiw.roa (raw, json)
Hash identifier:          2ftbjRu0FyAys4hWW6i46SF0l52BlnMRqOBN5KGFLo8=
Subject key identifier:   D8:8B:B0:CE:51:4E:32:7D:F0:47:85:5C:83:7D:EB:B7:0D:4A:9A:2C
Certificate issuer:       /CN=0ef5cb2f590d041654f4dfdb60a28f9a1544f444
Certificate serial:       01857C3C8FFFFF3F95FFAEE36FCFBD23A425
Authority key identifier: 0E:F5:CB:2F:59:0D:04:16:54:F4:DF:DB:60:A2:8F:9A:15:44:F4:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/2IuwzlFOMn3wR4Vcg33rtw1Kmiw.roa
Signing time:             Wed 04 Jan 2023 10:03:41 +0000
ROA not before:           Wed 04 Jan 2023 10:03:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     9009
IP address blocks:        185.132.125.0/24 maxlen: 24
                          45.136.196.0/24 maxlen: 24
                          45.136.197.0/24 maxlen: 24
                          45.136.198.0/24 maxlen: 24
                          45.136.199.0/24 maxlen: 24
                          176.97.64.0/23 maxlen: 23
                          185.87.148.0/23 maxlen: 23
                          188.116.22.0/24 maxlen: 24
                          195.54.171.0/24 maxlen: 24
                          176.97.70.0/23 maxlen: 23
                          176.97.68.0/23 maxlen: 23
                          176.97.66.0/23 maxlen: 23
                          176.97.72.0/24 maxlen: 24
                          176.97.73.0/24 maxlen: 24
                          176.97.75.0/24 maxlen: 24
                          176.97.76.0/24 maxlen: 24
                          176.97.77.0/24 maxlen: 24
                          5.61.62.0/23 maxlen: 23
                          5.61.60.0/23 maxlen: 23
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:7c:3c:8f:ff:ff:3f:95:ff:ae:e3:6f:cf:bd:23:a4:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ef5cb2f590d041654f4dfdb60a28f9a1544f444
        Validity
            Not Before: Jan  4 10:03:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d88bb0ce514e327df047855c837debb70d4a9a2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:06:b0:37:07:a2:e4:bb:f4:43:62:ab:11:8b:
                    0a:cb:4f:71:4b:71:82:78:cb:b0:64:42:70:5b:38:
                    fe:e4:6b:31:c9:28:27:98:2d:f5:ba:68:93:6a:cb:
                    be:cf:de:a6:de:fe:45:9c:92:32:55:af:c3:8b:78:
                    61:4c:e6:70:17:2d:9e:aa:ab:dd:e7:5c:bd:b9:9f:
                    74:e6:aa:80:69:08:0f:b2:84:5d:33:54:7a:6c:3d:
                    5c:57:09:a6:0c:59:f9:b1:3a:3c:50:ef:75:78:ec:
                    5f:07:35:b0:56:4a:e6:ec:f5:50:89:5a:c1:a3:29:
                    88:b2:d3:ef:cb:39:fb:d1:d7:25:ba:7f:c5:22:81:
                    8d:99:dc:b7:ab:2f:d4:be:24:62:c5:5f:4a:6b:13:
                    ed:92:ee:46:bf:fb:e5:63:77:87:a6:c9:0b:81:c7:
                    c0:a6:0b:10:b0:8e:b6:df:d8:33:3e:e7:1b:7d:11:
                    7a:8a:cf:f0:93:4a:ef:d0:09:8f:a5:d5:7c:22:0f:
                    9b:f1:73:c7:d2:22:2b:45:58:8d:ef:50:0f:c0:c5:
                    3b:e4:95:cc:d1:94:d7:9c:2a:25:fc:a4:c3:ac:79:
                    d2:9f:2e:88:d7:ce:4a:43:96:ad:40:10:28:7e:c1:
                    14:4f:15:39:c6:9f:e0:e0:44:b8:58:60:cf:bf:91:
                    dc:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:8B:B0:CE:51:4E:32:7D:F0:47:85:5C:83:7D:EB:B7:0D:4A:9A:2C
            X509v3 Authority Key Identifier:
                keyid:0E:F5:CB:2F:59:0D:04:16:54:F4:DF:DB:60:A2:8F:9A:15:44:F4:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/2IuwzlFOMn3wR4Vcg33rtw1Kmiw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.61.60.0/22
                  45.136.196.0/22
                  176.97.64.0-176.97.73.255
                  176.97.75.0-176.97.77.255
                  185.87.148.0/23
                  185.132.125.0/24
                  188.116.22.0/24
                  195.54.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d4:39:3a:f3:37:43:a0:09:8d:f8:8b:a6:31:57:e5:0a:73:d2:
         73:ec:f2:dd:f8:1b:93:54:87:c1:cf:c5:83:43:1f:b9:2b:77:
         fc:2d:4e:5f:60:27:1d:4b:86:6c:66:e4:89:7b:fa:67:39:c0:
         74:67:5c:7f:5d:fe:71:59:cb:51:73:0e:ef:de:dd:bc:53:a1:
         14:2f:bb:87:c6:41:56:15:6c:dd:3c:82:e7:df:18:3d:29:78:
         c3:1e:4f:dd:c7:fe:d6:ef:18:67:df:be:df:cd:76:3b:23:b8:
         31:29:17:7b:b0:b7:8f:98:51:5d:3a:1b:4c:25:a4:50:9f:d1:
         e3:1e:0d:b9:57:80:23:38:16:bf:0f:0c:4b:1b:17:da:61:d3:
         71:d2:6b:48:1a:b6:67:c7:56:55:68:a1:fb:91:c7:9b:1d:07:
         10:bb:43:71:4d:14:90:26:46:56:74:b6:50:d3:56:29:93:43:
         8a:82:81:2d:02:45:66:1f:7a:cc:38:5e:07:88:9a:cd:1d:e0:
         8d:a9:e2:4f:74:d7:09:d8:c1:a1:d1:7e:c3:65:70:06:53:4d:
         44:41:81:a4:eb:e6:1b:d4:46:f6:a5:ea:ea:6f:1a:af:5d:ca:
         da:96:c8:d8:d0:ed:01:c9:f4:56:45:89:9d:7a:6e:c9:7c:31:
         85:ea:4b:27
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAYV8PI///z+V/67jb8+9I6QlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlZjVjYjJmNTkwZDA0MTY1NGY0ZGZkYjYwYTI4ZjlhMTU0
NGY0NDQwHhcNMjMwMTA0MTAwMzQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODhiYjBjZTUxNGUzMjdkZjA0Nzg1NWM4MzdkZWJiNzBkNGE5YTJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgAawNwei5Lv0Q2KrEYsKy09xS3GC
eMuwZEJwWzj+5GsxySgnmC31umiTasu+z96m3v5FnJIyVa/Di3hhTOZwFy2eqqvd
51y9uZ905qqAaQgPsoRdM1R6bD1cVwmmDFn5sTo8UO91eOxfBzWwVkrm7PVQiVrB
oymIstPvyzn70dclun/FIoGNmdy3qy/UviRixV9KaxPtku5Gv/vlY3eHpskLgcfA
pgsQsI6239gzPucbfRF6is/wk0rv0AmPpdV8Ig+b8XPH0iIrRViN71APwMU75JXM
0ZTXnCol/KTDrHnSny6I185KQ5atQBAofsEUTxU5xp/g4ES4WGDPv5HcmwIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFNiLsM5RTjJ98EeFXIN967cNSposMB8GA1UdIwQY
MBaAFA71yy9ZDQQWVPTf22Cij5oVRPREMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHZYTEwxa05CQlpVOU5fYllLS1BtaFZFOUVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny8yMjZmMDQtZjdkYi00OTFhLWJhZmIt
ZWU0MzVkM2NkNTg1LzEvMkl1d3psRk9NbjN3UjRWY2czM3J0dzFLbWl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny8yMjZmMDQtZjdkYi00OTFhLWJhZmItZWU0MzVkM2NkNTg1
LzEvRHZYTEwxa05CQlpVOU5fYllLS1BtaFZFOUVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDBGBAIAATBAAwQCBT08AwQC
LYjEMAwDBAawYUADBAGwYUgwDAMEALBhSwMEAbBhTAMEAblXlAMEALmEfQMEALx0
FgMEAMM2qzANBgkqhkiG9w0BAQsFAAOCAQEA1Dk68zdDoAmN+IumMVflCnPSc+zy
3fgbk1SHwc/Fg0MfuSt3/C1OX2AnHUuGbGbkiXv6ZznAdGdcf13+cVnLUXMO797d
vFOhFC+7h8ZBVhVs3TyC598YPSl4wx5P3cf+1u8YZ9++3812OyO4MSkXe7C3j5hR
XTobTCWkUJ/R4x4NuVeAIzgWvw8MSxsX2mHTcdJrSBq2Z8dWVWih+5HHmx0HELtD
cU0UkCZGVnS2UNNWKZNDioKBLQJFZh96zDheB4iazR3gjaniT3TXCdjBodF+w2Vw
BlNNREGBpOvmG9RG9qXq6m8ar13K2pbI2NDtAcn0VkWJnXpuyXwxhepLJw==
-----END CERTIFICATE-----